34,333
edits
Changes
→Replay Attacks
== Replay Attacks ==
Replay attacks are a variation on the man-in-the-middle theme. In a replay attack an agent is once again placed within the the client / server line of communication. In the case of a Replay attack, however, the transaction data is recorded for the express purpose of allowing the data to be modified and replayed to the server at a later time for nefarious purposes. For example, a replay attack might record the entire process of a user logging into a banking web site and performing transactions. The recorded transcript may then be replayed to repeat the login sequence for the purposes of stealing money from the account.
Replay attacks are best countered using encryption, timestamps, serial numbers and packet sequences so that the server can detect that the data is being replayed from a previous session.
== TCP/IP Hijacking ==
